PDF of this tutorial- The user must have some assurance that the authenticator is in fact the authority in question.
- The communication channel between the user and the authenticator must itself be secure (user and authenticator can be sure that no one is listening).
- It must be highly unlikely that an attacker would be able to guess the password. Usually this is accomplished by limiting the number of wrong guesses.
- If the user is a human being (as opposed, say, to a software process running on a computer), the password must be easy to remember – but not so easy that it can be easily guessed!
Today’s wireless networks are not your father’s timesharing system. Consider a user with a laptop computer accessing an 802.11 wireless network. The first problem is that the user has no way of knowing whether the access point is, in fact, operated by the administrator of that network. It might be a rogue access point operated by another user (an imposter) who may have a connection to the target network. If so, the user we’re concerned with may not even know that the data is being routed through an imposter’s computer.
The second problem is that the communication channel in this case is a radio network that can be monitored by anyone with a radio receiver. It is easy for an attacker to monitor legitimate users’ access attempts and collect their passwords without being detected. This problem can be mitigated somewhat through using a challenge/response authentication system in which the password is not itself transmitted over the air, but the user is presented with a challenge that is joined with the password and hashes with a secure hash function.
But now we have a new problem. The attacker can make password guesses on a separate computer by observing a single challenge and response and then attempting to join the challenge to his guesses, computing the resulting response, and comparing it to the observed response. Guesses can then be made at a very fast rate with neither the user nor the network administrator knowing about it. This form of attack is known as a dictionary attack because the attacker selects his guesses from a cracker’s “dictionary” of possible passwords.
Offline dictionary attacks can be mitigated by using a large random number in place of an easily remembered password. This makes it unlikely that the password would be in the attacker’s dictionary. But this violates the fourth assumption, that the password be easy to remember. To get around this problem, the password can be stored on the user’s computer, but now the user has to prevent the attacker from gaining access to it by walking up to the computer without the user’s knowledge or stealing the computer or, more alarmingly, by gaining unauthorized access to the user’s computer over the very network the user is trying to use.
As you can see, the requirements for wireless network authentication are much more stringent than those placed by a dialup timesharing system.
In this tutorial, we will first compile a list of requirements that an authentication method must meet in order to be appropriate for use over a wireless network. This list includes additional features that an authentication method should have and a list of features that some wireless authentication methods do have that may be helpful in some environments.
Next we consider the two main families of authentication methods that meet the wireless requirements. The first family consists of those methods that incorporate the use of public key certificates. The second family contains the password authentication methods. We consider a specific strong password method, SPEKE, which has particularly good characteristics for wireless use. Finally, in the conclusion we summarize the characteristics of the authentication methods in a table that also contrasts them with older legacy methods.
